Two security firms, Kaspersky Lab and Avast,
said they had identified the malware behind the attack in upward of 70
countries, although both said the attack had hit Russia hardest.

The
Russian Interior Ministry has confirmed it was hit by the "ransomware"
attack, which encrypts data on infected computers and demands payment,
usually via the digital currency bitcoin, to release it.

Britain's
health service was also hit hard as the attack froze computers at
hospitals across the country, shutting down wards, closing emergency
rooms and bringing medical treatments to a halt.

Hospitals in London, northwest England and other
parts of the country reported problems and asked patients not to come to
hospitals unless it was an emergency.

Many cancelled all routine
procedures and some chemotherapy patients were even sent home because
their records could not be accessed.

Most of the affected
hospitals were in England, but several facilities in Scotland also
reported being hit. Doctors' practices and pharmacies reported similar
problems.

Expert believes attack was not targeted

As
similar widespread ransomware attacks were reported in Spain, Romania
and elsewhere, experts warned online extortion attempts by hackers are a
growing menace.

Hospitals, with their often outdated IT systems and trove of confidential patient data, are a particularly tempting target.

British
Prime Minister Theresa May said there was no evidence that patient data
had been compromised in the attack, and that it had not specifically
targeted the National Health Service (NHS).

"It's an international attack and a number of countries and organisations have been affected," she said.

NHS Digital, which oversees hospital cybersecurity, said the attack was "affecting organisations from across a range of sectors." It initially said 16 NHS organisations had reported being hit, and more reports came in as the day went on.

NHS
Digital said the attack used the Wanna Decryptor variant of malware,
which infects and locks computers while the attackers demand a ransom.

Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 worth of the online currency Bitcoin, saying: "Ooops, your files have been encrypted!"

Alan Woodward, visiting
professor of computing at the University of Surrey, said there was
evidence the ransomware was spreading using a Microsoft flaw exposed in a
US security leak.

He said the affected computers likely had not
applied the Microsoft patch or were running old operating systems for
which no patch was available.

"I don't believe it will have been a
targeted attack, but will simply have been that the ransomware has
sought out those organisations that are running susceptible devices," Mr
Woodward said.

Spain also hit by 'massive infection'

Spain,
meanwhile, activated a special protocol to protect critical
infrastructure in response to the "massive infection" of personal and
corporate computers in ransomware attacks.

The National Centre for
the Protection of Critical Infrastructure said it was communicating
with more than 100 providers of energy, transportation,
telecommunications and financial services about the attack.

The Spanish government said several companies had been targeted in a ransomware cyberattack that affected the Windows operating system of employees' computers.

It said the attacks were carried out with a
version of WannaCry ransomware that encrypted files and prompted a
demand for money transfers to free up the system.

Spain's Telefonica was among the companies hit.

Britain's
National Cyber Security Centre, part of the GCHQ electronic
intelligence agency, said it was working with police and the health
system to investigate the attack.

British government officials and
intelligence chiefs have repeatedly highlighted the threat to critical
infrastructure and the economy from cyberattacks.

The National Cyber Security Centre said it had detected 188 "high-level" attacks in just three months.

AP/Reuters

Experience is something you gain a few minutes after you could have used it!

A cyber gang with possible links to Russia is being blamed for the extraordinary worldwide computer security breach - possibly in retaliation for US airstrikes on Syria.

The mysterious organisation - called Shadow Brokers - claimed in April it had stolen a ‘cyber weapon’ from an American spying agency that gives unprecedented access to all computers using Microsoft Windows, the world’s most popular computer operating system.

The hacking tool had been developed by the National Security Agency (NSA), America’s powerful military intelligence unit. The NSA had developed its ‘Eternal Blue’ hacking weapon to gain access to computers used by terrorists and enemy states.

The gang in turn ‘dumped’ the computer bug on an obscure website on April 14, just a week after President Donald Trump ordered the US bombing of Syria.

Some experts believe that timing is significant and indicates that Shadow Brokers has links to the Russian government.

In an internet posting, six days earlier on April 8 - and a day after the first airstrikes - Shadow Brokers appeared to issue a warning to President Trump.

In a statement, the group said in broken English: “Respectfully, what the f*** are you doing? The Shadow Brokers voted for you. The Shadow Brokers supports you. The Shadow Brokers is losing faith in you. Mr Trump helping the Shadow Brokers, helping you. Is appearing you are abandoning ‘your base’, ‘the movement’, and the peoples who getting you elected.”

It is believed ‘Eternal Blue’, having been dumped by Shadow Brokers, was then picked up by a separate crime gang which used it to gain remote access to computers, including systems that brought parts of the NHS to a standstill.

The gang, having gained access to computers, then deployed a second software programme - using ransomware called WanaCrypt or WannaCry - which hijacks a computing system and encrypts all the files contained on it.

The only way to unlock the files is to pay a ransom.

In this case, the gang is demanding $300 for each computer it unlocks - paid in ‘bitcoins’, a virtual currency used on the internet.

One computer security expert said ‘Eternal Blue’ was used as the ‘crowbar’ that effectively opened the doors to computers, making them vulnerable to attack. The results have been devastating.

Sean Sullivan, security adviser to F-Secure, a cyber security company, said: “Shadow Brokers obtained the NSA tools that exposed a vulnerability in Microsoft’s operating systems. They dumped the instructions detailing how to get in. The exploit is the ‘crowbar’ to open the door and the ransomware is the ‘hand grenade’ you lob in once the door is open.”

It is thought the NSA warned Microsoft its hacking tool had been stolen earlier this year, prompting Microsoft to develop a ‘patch’ - or fix - in March allowing computer users to update their systems and protect them from cyber attack. But operating systems older than 2009 are not thought to have been protected. This may have made the NHS more vulnerable because of outdated systems in some hospitals and GP surgeries due to lack of IT investment.

Graham Cluley, a computer security expert, said: “Microsoft developed the patch after an exploit was taken from US intelligence. The US intelligence agency found a security hole in Microsoft software and rather than doing the decent thing and contacting Microsoft they kept it to themselves and exploited it for the purposes of spying. Then they themselves got hacked. And it was at that point Microsoft thought, ‘Jesus we need to patch against this thing.’”

“It’s likely that regular online criminals simply used the information that the Shadow Brokers put on the internet and thought ‘how can we monetise this’.”

Nobody knows who is behind Shadow Brokers but in a statement issued to a specialist technology website in December, the gang said: “The Shadow Brokers is not being irresponsible criminals. The Shadow Brokers is opportunists. The Shadow Brokers is giving ‘responsible parties’ opportunity to making things right.”

Edward Snowden, the NSA whistleblower now living in exile in Russia, claimed last year that Shadow Brokers was backed by the Kremlin following another leak. Snowden tweeted that “circumstantial evidence and conventional wisdom indicates Russian responsibility”.

Official advice from Spain’s emergency computer response service yesterday appeared to confirm that the ransomware attacks stemmed from the Eternal Blue tool, when it urged organisations to download a Microsoft update that protects against it.

Cyber security experts told The Telegraph the ransomware was being quickly spread by a wave of “phishing” emails carrying bogus attachments that infected computers when unsuspecting users clicked on them.

Adam Meyers, vice president of intelligence at the cyber firm CrowdStrike, said thousands of dollars had been tracked rolling into internet accounts set up to receive the ransom payments.

However, official government advice on both sides of the Atlantic is not to pay criminals behind such attacks.

Mr Meyers said: “We advise people not to pay, because if people do pay, it emboldens these criminal actors.”

He instead urged organisations to make sure they had backed up their data and installed the latest software updates and security. Employees in the NHS also had to be warned how to spot the suspect emails.

Worst thing that's ever happened to me was getting some virus that automatically changed my browser homepage to some porn site so whenever anyone opened it they'd be confronted with a close up of some bird getting jammed in the arse. Awkward to explain to anyone else needing to use the computer.

I've lost everything x 2 many years ago, the last when OH decided to open a bloody film star attachment in my email. He's since been gifted his own to wreck. NBN leaving me cyberless for a week was the latest 'trauma' but TBV survived with thanks to PT filling in the gaps!


Worst thing that's ever happened to me was getting some virus that automatically changed my browser homepage to some porn site so whenever anyone opened it they'd be confronted with a close up of some bird getting jammed in the arse. Awkward to explain to anyone else needing to use the computer.

I already use this mob & I know it's an ad, but it explains the process better than media articles.

Don't worry about world's most advanced piece of ransomware. We've got your back!

Bitdefender's advanced detection technologies have blocked WannaCry from the very beginning

You
might have already heard that a new family of ransomware called
WannaCry has infected over 140,000 computers worldwide. This piece of
ransomware is based on a zero-day exploit that helps it jump from one
infected computer to another and encrypt all the information stored on
it.

We're writing to you to let you know that Bitdefender's advanced detection capabilities based on next-generation technologies were able to intercept this threat since its emergence. As a Bitdefender customer, your information has been safe all the time.

Here is a little background information about this new threat

Unlike other ransomware families, the WannaCry strain
does not spread via infected e-mails or infected links. Instead, it
takes advantage of a security hole in most Windows versions to
automatically execute itself on the victim PC. According to various
reports, this attack avenue has been developed by the National Security
Agency (NSA) in the US as a cyber-weapon and it was leaked to the public
earlier in April along with other classified data allegedly stolen from
the agency.

Until now, a number of hospitals, telecom companies or
gas and utilities plants have suffered massive disruptions caused by
data being held at ransom.

As this ongoing outbreak is affecting countless computer
users around the world, we are actively working on a free decryption
tool to help victims recover their information without paying the
ransom. Make sure to follow us on Twitter and Facebook to be notified
when it becomes available.


From what I have read of this, the attack was on Windows systems generally but most anti virus companies have stopped putting out updates and patches for Windows 98 and NT systems leaving them vulnerable to this. Apparently a lot of hospitals and govt institutions particularly in Britain still use NT.

Bitdefender
has identified a massive ransomware attack triggered by a version of
the GoldenEye or Petya ransomware that is currently claiming victims
across the world.
Unlike other families of ransomware, GoldenEye does not encrypt
individual files, but rather the entire hard disk drive. It then reboots
it to prevent the user from accessing that information. When the
encryption process is complete, GoldenEye forcefully crashes the
computer and asks for $300 as ransom.

Our
initial investigation reveals that it spreads automatically from one
computer to another using multiple vulnerabilities in the operating
system, including the EternalBlue exploit that grabbed the headlines
during the #WannaCry attack.

We're writing you to let you know that you are safe and Bitdefender blocks the currently known samples of the new GoldenEye variant.
If you want to know more about this, we're tweeting live as the investigation unfolds on @Bitdefenderlabs.


As I understand it, Gay, the companies that got hit had not updated their OS and virus protection to the latest versions.

Apparently (apart from slackness) the reason can be they did not want to update until they had tested the effect on all their systems and in some cases an inadequate IT staff meant they simply had not got round to doing this.

House panel asks agencies for docs from Russian cyber firm

A House panel has asked nearly two dozen government agencies for documents on Russian-origin cybersecurity firm Kaspersky Lab.

The House Science, Space and Technology Committee made the request to 22 different government agencies in letters that were released by the committee on Friday.

House Science Chairman Lamar Smith (R-Texas) wrote in the letters, sent Thursday, of concern that the cybersecurity firm’s products could be used to conduct "espionage" or “nefarious activities against the United States.”

Kaspersky Lab, which has headquarters in Moscow but operates around the world, including in the United States, has fallen under increased scrutiny over alleged ties to Russian intelligence.

While the U.S. government has produced no public evidence showing the company to be somehow compromised by the Russian government, intelligence officials have nevertheless expressed concerns over its products.

The issue was pushed to the forefront during a Senate Intelligence Committee hearing in May, when six top U.S. intelligence officials testified that they would not be comfortable with Kaspersky Lab software on their computers.

The committee has requested documents and communications about Kaspersky products dating back to the start of 2013. The letters also ask for lists of systems that use Kaspersky products or services and government contractors or subcontractors that use them.

Smith wrote in the letters that “the committee is concerned that Kaspersky Lab is susceptible to manipulation by the Russian government, and that its products could be used as a tool for espionage, sabotage, or other nefarious activities against the United States.”

The letters were sent to the departments of Commerce, Homeland Security, Energy and State, as well as the Pentagon and the individual service branches, in addition to several other agencies. Smith is requesting the information by Aug. 11.

Smith couched the request as “part of an ongoing review of the federal government’s cybersecurity policies and standards.”

The company has long described the suspicions of ties to the Russian government as baseless. Kaspersky’s anti-virus software is widely lauded in cybersecurity circles, and the company boasts 400 million users worldwide.

“Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts,” the company said in an emailed statement to The Hill on Friday.

“The company has a 20 year history in the IT security industry of always abiding by the highest ethical business practices and trustworthy development of technologies, and Kaspersky Lab believes it is completely unacceptable that the company is being unjustly accused without any hard evidence to back up these false allegations,” Kaspersky said.

The issue has been amplified by the U.S. intelligence community’s conclusion that Russia sought to interfere in the 2016 presidential election using cyberattacks and disinformation. In June, Senate lawmakers with oversight of the Defense Department inserted language into a fiscal 2018 defense policy bill that would bar the Pentagon from using Kaspersky software.

This month, the General Services Administration removed Kaspersky-manufactured products from a list of outside products approved for use by government agencies.

The developments have frustrated the company’s founder, Eugene Kaspersky. “With the U.S. and Russia at odds, somehow, my company, its innovative and proven products as well as our amazing employees are repeatedly being defamed,” he wrote in a June blog post.

The company’s North America division is separate from the headquarters in Russia.

I'm sure no company has ever assisted the US in cyber-espionage activities, either. I'm starting to think Putin is right when he talks about arrogant American exceptionalism. You'd be amazed if any intelligence apparatus wasn't into finding out all it could about anything that could affect the national interest. They'd be failing in their job to do otherwise.

Kaspersky are rolling out a free version with no ads at the moment. I used their premium product for a year- got it for a couple of bucks- and it didn't find one virus. But that's not unusual- none of the anti viruses I use ever find a virus. How do you get one of these viruses people are always fretting over?

If you watch some of the discussions at the Aspen Security Conference last week with every top Agency official present and most recent speaking, cyber is the warfare threat of the future and the Russians are well in front of the game at the moment

Russian Hackers Stole NSA Data on U.S. Cyber Defense

The breach, considered the most serious in years, could enable Russia to evade NSA surveillance and more easily infiltrate U.S. networks

By Gordon Lubold and Shane Harris

WASHINGTON—Hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer, according to multiple people with knowledge of the matter.

The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

The theft, which hasn’t been disclosed, is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the U.S.

The incident occurred in 2015 but wasn’t discovered until spring of last year, said the people familiar with the matter.

The stolen material included details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S., these people said.

Having such information could give the Russian government information on how to protect its own networks, making it more difficult for the NSA to conduct its work. It also could give the Russians methods to infiltrate the networks of the U.S. and other nations, these people said.

The breach is the first known incident in which Kaspersky software is believed to have been exploited by Russian hackers to conduct espionage against the U.S. government. The company, which sells its antivirus products in the U.S., had revenue of more than half a billion dollars in Western Europe and the Americas in 2016, according to International Data Corp. By Kaspersky’s own account it has more than 400 million users world-wide.

The revelation comes as concern over Russian infiltration of Ameri more......

Just letting you know that your mates in the Kremlin, the ones you continually apologise for when bagging your own country, are doing it better than anyone else, but just keep your head where it is and go la, la la and pretend it really isn't happening.
